// SCAN REPORT

Storybloq

54 tools. 27 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

27 can modify or destroy data
27 read-only
54 tools total

Community server · catalogue entry verified 10/06/2026

How to control Storybloq ↓

TOOL MAP

Read (27) Write / Execute (26) Destructive / Financial (1)

MOST DANGEROUS TOOLS

Critical Risk
Destructive · Medium storybloq_selftest The tool explicitly performs deletions as part of its smoke test routine. Execute · High storybloq_autonomous_guide This tool orchestrates autonomous decision-making across a session, triggering actions at every decision point. Write · Medium storybloq_handover_create This tool creates (writes) a new handover document, which is a reversible operation. Write · Medium storybloq_init This tool creates a new project structure (.story/ directory) in the current working directory.

27 of Storybloq's 54 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL STORYBLOQ

PolicyLayer is an MCP gateway — it sits between your AI agents and Storybloq, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "storybloq_selftest": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "storybloq_snapshot": {
    "limits": [
      {
        "counter": "storybloq_snapshot_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "storybloq_blocker_list": {
    "limits": [
      {
        "counter": "storybloq_blocker_list_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Storybloq — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON STORYBLOQ →

Free to start. No card required.

ALL 54 STORYBLOQ TOOLS

DESTRUCTIVE 1 tools
Destructive storybloq_selftest Integration smoke test — creates, updates, and deletes test entities to verify the full pipeline
EXECUTE 1 tools
Execute storybloq_autonomous_guide Autonomous session orchestrator. Call at every decision point during autonomous mode. Supports tiered access:
WRITE 25 tools
Write storybloq_snapshot Save current project state for session diffs. Creates a snapshot in .story/snapshots/. Write storybloq_handover_create Create a handover document from markdown content Write storybloq_init Initialize a new .story/ project in the current directory Write storybloq_issue_create Create a new issue. ID assignment is serialized under the project lock, so concurrent creates that acquire the Write storybloq_issue_meta_set Set custom passthrough metadata on an issue. Core issue fields are protected. Write storybloq_issue_meta_unset Unset custom passthrough metadata on an issue. Core issue fields are protected. Write storybloq_issue_update Update an existing issue Write storybloq_lesson_create Create a new lesson. ID assignment is serialized under the project lock, so concurrent creates that acquire th Write storybloq_lesson_reinforce Reinforce a lesson — increment reinforcement count and update lastValidated date Write storybloq_lesson_update Update an existing lesson Write storybloq_node_add Add a federation node to an orchestrator project Write storybloq_node_init Initialize .story/ in a federation child node from the orchestrator. Does not require allowNodeWrites. Write storybloq_node_update Update an existing federation node Write storybloq_note_create Create a new note. ID assignment is serialized under the project lock, so concurrent creates that acquire the Write storybloq_note_update Update an existing note Write storybloq_phase_create Create a new phase in the roadmap. Exactly one of after or atStart is required for positioning. Write storybloq_register_subprocess Register a running subprocess so monitors can distinguish slow builds from hung agents. Writes a per-PID file Write storybloq_review_lenses_judge Prepare the judge prompt for final verdict after merger. Applies verdict calibration rules and convergence tra Write storybloq_review_lenses_prepare Prepare a multi-lens code/plan review. Returns lens prompts for the agent to spawn as parallel subagents. Hand Write storybloq_review_lenses_synthesize Synthesize lens results after parallel review. Validates findings, applies blocking policy, classifies origin Write storybloq_ticket_create Create a new ticket. ID assignment is serialized under the project lock, so concurrent creates that acquire th Write storybloq_ticket_meta_set Set custom passthrough metadata on a ticket. Core ticket fields are protected. Write storybloq_ticket_meta_unset Unset custom passthrough metadata on a ticket. Core ticket fields are protected. Write storybloq_ticket_update Update an existing ticket Write storybloq_unregister_subprocess Unregister a subprocess after it completes. Idempotent -- no error if the PID was already unregistered. Relaxe
READ 27 tools
Read storybloq_blocker_list All roadmap blockers with dates and status Read storybloq_handover_get Content of a specific handover document by filename Read storybloq_handover_list List handover filenames (newest first) Read storybloq_lesson_digest Compiled ranked digest of active lessons — primary read interface for context loading Read storybloq_lesson_get Get a lesson by ID Read storybloq_lesson_list List lessons with optional status/tag/source filters Read storybloq_node_list List configured federation nodes in an orchestrator project Read storybloq_note_get Get a note by ID Read storybloq_note_list List notes with optional status/tag filters Read storybloq_phase_list All phases with derived status (complete/inprogress/notstarted) Read storybloq_recap Session diff — changes since last snapshot + suggested next actions. Shows what changed and what to work on. Read storybloq_status Project summary — returns guidance if no .story/ project found Read storybloq_ticket_get Get a ticket by ID (includes umbrella tickets) Read storybloq_ticket_list List leaf tickets with optional filters Read storybloq_ticket_meta_get Get custom passthrough metadata for a ticket. Omitting path returns all custom metadata. Read storybloq_validate Reference integrity + schema checks on all .story/ files Read storybloq_export Self-contained project document for sharing Read storybloq_handover_latest Content of the most recent handover document(s) Read storybloq_issue_get Get an issue by ID Read storybloq_issue_list List issues with optional filters Read storybloq_issue_meta_get Get custom passthrough metadata for an issue. Omitting path returns all custom metadata. Read storybloq_phase_current First non-complete phase with its description Read storybloq_phase_tickets Leaf tickets for a specific phase, sorted by order Read storybloq_recommend Context-aware ranked work suggestions mixing tickets and issues Read storybloq_session_report Generate a structured analysis of an autonomous session — works even if project state is corrupted Read storybloq_ticket_blocked All blocked tickets with their blocking dependencies Read storybloq_ticket_next Highest-priority unblocked ticket(s) with unblock impact and umbrella progress

FAQ

Can an AI agent delete data through the Storybloq MCP server? +

Yes. The Storybloq server exposes 1 destructive tools including storybloq_selftest. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Storybloq? +

The Storybloq server has 25 write tools including storybloq_snapshot, storybloq_handover_create, storybloq_init. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Storybloq.

How many tools does the Storybloq MCP server expose? +

54 tools across 2 categories: Read, Write. 27 are read-only. 27 can modify, create, or delete data.

How do I enforce a policy on Storybloq? +

Register the Storybloq MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Storybloq tool call.

Deterministic rules across all 54 Storybloq tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON STORYBLOQ →

Free to start. No card required.

54 Storybloq tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.